CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
75.3%
The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service.
Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the default configuration. If no external restrictions, such as firewalls, are in place, this may allow unintended remote use of the HTTP proxy service.
Unauthenticated remote attackers may be able to use the HTTP proxy service running on the local machine. This may result in the attacker gaining the ability to access previously inaccessible network locations or to hide the true origin of their attack.
Apply An Update
Apple has addressed the issue in Security Update 2005-005.
As a workaround, other access restrictions such as firewalls may be used to restrict access to the HTTP proxy service.
140470
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 05, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Apple has addressed the issue in Security Update 2005-005.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23140470 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-1340 |
---|---|
Severity Metric: | 6.89 Date Public: |